Cloud First Policy General Directorate of Governance and Operations Version April 2017
|
|
- Agnes Hubbard
- 5 years ago
- Views:
Transcription
1 General Directorate of Governance and Operations Version April 2017
2 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy... 3 Policy Principles... 3 Overview of Cloud Computing... 4 Essential Characteristics... 4 Deployment Models:... 5 Service Models:... 5 Detailed Purpose of Policy... 6 Operational Framework... 6 Application/Service Migration Criteria... 7 Cloud Security Principles... 7 Security Framework... 8 Data Classification... 8 Mitigation and Back-Up... 8 Data Sovereignty... 9 Open Data... 9 Roles and Responsibilities... 9 Government Entity... 9 iga... 9 ICTGC/SCICT IGA Related Policies Related Procedures Related References
3 Definitions/Glossary Acronyms / Abbreviations iga ICT SCICT ICTGC CSP SLA Definition Information and egovernment Authority Information and Communication Technology Supreme Council for Information and Communication Technology Information and Communication Technology Governance Committee Cloud Service Provider Service Level Agreement 2
4 Policy statement The Bahraini Government is committed to modernizing government information and communication technologies (ICTs) and will lead by example in using cloud computing services to reduce costs, increase security, increase productivity, and develop excellent citizen services, The Kingdom of Bahrain will adopt a Cloud-First approach with the aim of: Reducing the cost of government ICT by eliminating duplication of solutions and fragmentation in the technology environment, and leveraging the efficiencies of on-demand provisioning of ICT services; Increasing security by using accredited platforms; Increasing productivity and agility, and thus improving citizen services. In order to achieve this, all government agencies of the Kingdom of Bahrain will evaluate cloud-based services when undertaking all ICT procurements. The decision on the appropriate ICT delivery model will be based on an assessment of each application, incorporating fitment of purpose, cost benefit analysis and achieving value for money over the life of the investment. This assessment is best achieved by using any of the well-established tools available in the market, either from the identified cloud service provider and/or a non-attached third party. This document sets out general guiding principles for a cloud first approach for government ministries and agencies to consider in adopting cloud computing solutions as a primary part of their information technology planning and procurement. Entities Affected by this Policy This policy is applicable to all government entities who are looking to host their data, applications or services in the centralized cloud environment, in accordance with the overall government direction to use a cloud-first approach to support cost optimization in ICT. It is also applicable to iga, as they would be the interface between the cloud service provider and government entities, and ICTGC, who will govern the overall implementation of this policy. Who Should Read this Policy ICT leadership of all Ministries and Government Entities. Policy Principles This policy is based on the following driving principles: ICT at entity level must focus on functional excellence and delivering higher business value ICT Infrastructure is one key candidate for national level consolidation and optimization Standardized infrastructure management enables optimization of infrastructure cost Improvement in service quality improved security efficient business continuity Promote holistic cloud first approach while respecting the Kingdom of Bahrain and every ministries roles, legislation, and mandates. The following rationale of this principle applies to: To reduce redundancy and associated complexity across the ministries and agencies 3
5 To design IT infrastructure with a "one government" approach, to facilitate changes in government business processes in an easier and quicker way Enable cost optimization and risk reduction across government through leveraging common platform and information systems for cross-government service delivery Overview of Cloud Computing There are many different definitions for cloud computing. The Kingdom of Bahrain government has adopted the National Institute of Standards and Technology (NIST) definition that defines cloud computing as: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This section provides a brief overview of the essential characteristics of cloud computing together with the cloud service and deployment models. It is recommended that agencies familiarize themselves with the NIST definitions to ensure that they are able to identify and understand the risks associated with different cloud service and deployment models. Essential Characteristics The following provides an overview of the five essential characteristics for cloud computing as defined by NIST 1 : 1 4
6 On-Demand Self-Service customers are able to provision resources (e.g. a virtual server or account) without any interaction with the service provider s. Broad Network Access customers are able to access resources over networks such as the Internet using a ubiquitous client (e.g. a web browser) from a range of client devices (e.g. smartphones, tablets, laptops). Resource Pooling the service provider s computing resources are pooled to serve multiple customers. Typically, virtualization technologies are used to facilitate multi-tenancy and enable computing resources to be dynamically assigned and reallocated based on customer demand. Rapid Elasticity resources can be quickly provisioned and released, sometimes automatically, based on demand. Customers can easily increase or decrease their use of a cloud service to meet their current needs. Measured Service customers pay only for the resources they actually use within the service. Typically the service provider will supply customers with a dashboard so that they can track their usage. Deployment Models: Public cloud - The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. Private cloud - The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Community cloud - The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. Hybrid cloud - The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g. cloud bursting for load balancing between clouds). Service Models: Business Process as a Service (BPaaS) - The capability provided to the consumer is any type of horizontal or vertical business process that s delivered based on the cloud services model. These cloud services which include Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) are therefore dependent on related services. Software as a Service (SaaS) - The capability provided to the consumer is to use the provider s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based ), or a program interface. The consumer does not manage or control the underlying cloud infrastructure 5
7 including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Platform as a Service (PaaS) - The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the applicationhosting environment. Infrastructure as a Service (IaaS) - The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls). Detailed Purpose of Policy This policy provides guidance to all government entities in the Kingdom of Bahrain, as the Kingdom moves towards a common operating environment for all government entities, leading to: Reduction in cost for both hardware and platforms. Outsourcing government services to cloud computing results in immediate reductions of large capital outlays for infrastructure and maintenance costs. Up to date, best of class solutions also become immediately available to government agencies through cloud provisioning. Improved manageability and productivity of ICT solutions. Government ICT resiliency and security is improved and made consistent with upgrades to both hardware and software being managed by the service provider. Better integration between services. More effective collaboration is enabled as agencies are more easily able to share resources across institutions, improving efficiency, and enabling creativity in delivering public services. Operational continuity and business recovery. With centralized and redundant data storage and backups, business recovery and data retrieval during times of crisis becomes faster and more cost effective. Greater budget control. A pay for what you use model means that government agencies can purchase as much or as little resource as needed, and only when needed. Cloud scalability results in systems usage being dialed up or down as it is required. Transparency of the utility-based pricing structure means that spending caps and alerts can be implemented to further assist in budget control. Greater agility. Cloud computing streamlines development, support and hosting of ICT solutions, resulting in improved service performance and faster deployment of services. It reduces the amounts of ICT infrastructure required to be built and owned by government agencies, shifting the focus from management of infrastructure to delivery of services. Operational Framework In order to achieve these benefits, the following aspects must be incorporated in the overall process for ICT solution development and delivery. 6
8 Application/Service Migration Criteria Government entities are required to use cloud services for new ICT services and when replacing any existing ICT services, except if: it can be shown that an alternative ICT deployment strategy meets special requirements of a government agency and it can be shown that an alternative ICT deployment strategy is more cost effective from a Total Cost of Ownership (TCO) perspective, and demonstrates at least the same level of security assurance than a cloud computing deployment. In using cloud services to reduce costs, improve productivity and develop efficient services, Government entities are to ensure that the cloud service selected is (refer to Cloud Assessment documents): fit for purpose, provides adequate management of risk to information and ICT assets as defined by the relevant security principles, and adheres to local legal and regulatory requirements. In using cloud services to reduce costs, improve productivity and develop efficient services, Government entities are to: consider new major hardware / software projects as a trigger for evaluating and adopting cloud services; adopt cloud based services for testing and development needs; consider potential of using cloud services for hosting public facing websites; evaluate private, community, public or hybrid cloud services for operational systems as defined by ICTGC guidelines. Cloud Security Principles The benefit of migrating government workloads and data onto commercial cloud is the ability to enhance overall data security. Cloud service providers engaged by government agencies will be required to meet international security standards, and ensure appropriate certification. They will abide by all relevant industry standards, for example, international security standards such as ISO 27001, Service Organization Controls Report (SOC) 1 and 2; and will adhere to any additional certifications required by specific industries, such as the Payment Card Industry Data Security Standard (PCI DSS), and Cloud Security Alliance (CSA) certification and audit, as well as others. Government agencies should collaborate with the entity responsible for Information Security in Bahrain to establish a security framework which applies a risk management approach towards its own data control requirements (see Data Classification), and align this with international standards and certifications, as well as industry standards. The precise level of security requirements for contracted cloud services should be determined by the contracting agency based on an assessment of data risk. Stipulated security controls can include any one or more of the following: Physical and environmental security Business continuity management and incidence response Inventory and configuration management Data encryption 7
9 Access controls, monitoring and logging Network security and monitoring. Security Framework Managing the security of contracted cloud services is a responsibility that is shared between the entity responsible for Information Security in Bahrain, contracting agency and the cloud service provider, with the entity responsible for information security defining security controls in the cloud, contracting agency align to it, while the cloud service provider is responsible for the security of the cloud. In short the data itself remains under the ownership and control of the data owner at all times. The level of responsibility on both parties depends on the cloud deployment model type, and agencies should be clear as to their responsibilities in each model. Data security depends upon: 1. Meeting security requirements for each data classification level; and 2. Employing standardized tools and procedures for audit. All data that can be migrated to the commercial cloud will need to meet the necessary security requirements for accreditation, and be verified by international cloud security standards. Commercial cloud service providers should provide logical security audit on data access, including logs and audit trails to ensure the prescribed security and privacy requirements are met. Government agencies must collaborate with the entity responsible for Information Security in Bahrain to perform the logical audits and continuous security monitoring to ensure cloud services meet the agreed-upon data confidentiality and integrity, that there have been no data breaches, and that data and workloads are continuously available. Data Classification An important component of any comprehensive security policy is a policy for classifying data, allowing government agencies to appropriately protect different types of data, while discouraging wasting resources on unnecessary and costly security controls for less sensitive information. Most government organizations handle comparatively little highly sensitive information (refer to Government Data Classification Guidelines and State Secrete Law). Nonetheless, with a data classification framework and an understanding of the required security controls in place, government agencies can then decide on assuring that appropriate controls have been designed and implemented relative to the level of security classification, and to ensure that they are operating effectively on an ongoing basis. Mitigation and Back-Up Agencies need to have in place mitigation and redundancy contingencies. It is the responsibility of each government agency to ensure that they have a mitigation and back-up plan for their data and services. These plans need to ensure at a minimum: Having service continuity in times of disaster or emergency No government data loss occurs without recovery. A mitigation and back-up plan should include backing-up data in a second location in two regions so as to ensure (i) full data protection, (ii) continued and uninterrupted service, and (iii) data recovery. 8
10 Data Sovereignty The benefits of cloud are best realized when there are no data residency restrictions placed on data. Such restrictions undermine the economies of scale and security benefits to be gained from shared computing infrastructure. Access to data in the cloud is dependent on security controls, and agencies concerned with extraterritorial access to data owned by the government should select cloud vendors with the appropriate security standards and controls. Open Data Globally, governments are increasingly making their non-restricted data available for the public to discover, access, and use. These open data initiatives facilitate the development of public services, fuel entrepreneurship, accelerate research and scientific discovery, and create efficiencies across multiple sectors. Government entities should endorse the open data principle and, where technically feasible and economically reasonable, make non-restricted data available to other government agencies and the public through the cloud. In keeping with this principle and policy, government agencies should likewise manage their data assets to promote openness and use for the public good. Roles and Responsibilities This policy is approved by SCICT, developed and reviewed by ICTGC, and implemented by Government entities and iga. Any changes or deviations from this policy will need a review by ICTGC, and approval by SCICT. The implementation of the policy will be monitored and governed by ICTGC and SCICT. In addition, the following roles and responsibilities for each stakeholder, involved with the policy implementation, have been listed below. Government Entity iga The Heads of the Government entities are responsible for ensuring all aspects of this policy and guidelines are applied within their entity. All Government employees involved in procuring cloud based services, applications or platform hosting services for the Government entity must adhere to this policy (refer to ICT Procurement Practice). The business owner is responsible for the application functionality and support. The business owner will ensure optimal sizing and detailed analysis of usage, incorporating seasonal spikes in workloads, to enable accurate budgeting for the cloud services required. Monitoring and ensuring the performance of the applications is as per the stated SLA. The entity shall monitor usage of the cloud services and provide a monthly usage report to ICTGC. This is to ensure that the usage does not exceed the budgeted limit for the entity. Act as the interface between cloud service provider and government entities. Ensure relevant SLAs are defined for the applications based on the entity requirements. Monitor and govern SLAs agreed with cloud service provider. Provide support and guidance to entities in assessment and identification of applications to move to the cloud. Provide technical support to modify applications and get them cloud ready. 9
11 ICTGC ICTGC will maintain an oversight on the implementation of this policy. ICTGC will audit the government entities for compliance at its discretion, at regular intervals as well as on an ad hoc basis. Shall act as the arbitrator in cases if dispute between the various government entities SCICT SCICT set the strategic direction for Cloud initiative and oversight the Cloud Strategy implementation. References Document IGA Related Policies Web Hosting Security Policy Password Security Policy GDN Connectivity Policy Wireless Security Policy Bespoke Development vs COTS Policy Deployment and Hosting Policy Related Procedures Cloud Applicability Assessment Cloud Deployment Checklist and Procedure Related References Government Data Classifications State Secret Law Service Catalog and Service Classification Cloud Adoption Roadmap and Capability Development Plan ICT Procurement Code of Practice 10
10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast
21 ALI-ABA Topical Courses ESI Retention vs. Preservation, Privacy and the Cloud May 2, 2012 Video Webcast The NIST Definition of Cloud Computing: Recommendations of the National Institute of Standards
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationNATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES
NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES DOCUMENT DETAIL Security Classification Unclassified Authority National Information Technology Authority - Uganda
More informationCloud Computing. Presentation to AGA April 20, Mike Teller Steve Wilson
Presentation to AGA April 20, 2017 Mike Teller Steve Wilson Agenda: What is cloud computing? What are the potential benefits of cloud computing? What are some of the important issues agencies need to consider
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationGetting Hybrid IT Right. A Softchoice Guide to Hybrid Cloud Adoption
Getting Hybrid IT Right A Softchoice Guide to Hybrid Cloud Adoption Your Path to an Effective Hybrid Cloud The hybrid cloud is on the radar for business and IT leaders everywhere. IDC estimates 1 that
More informationOFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA
OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA 22041-3206 TRICARE MANAGEMENT ACTIVITY MEMORANDUM FOR: SEE DISTRIBUTION SUBJECT:
More informationChoosing the Right Cloud. ebook
Choosing the Right Cloud ebook Contents Choosing the Right Cloud...3 The Cloud Explained: Public Cloud...4 The Cloud Explained: Private Cloud...5 Assessing Workload Characteristics...6 Right Application.
More informationSupporting the Cloud Transformation of Agencies across the Public Sector
SOLUTION SERVICES Supporting the Cloud Transformation of Agencies across the Public Sector BRIEF Digital transformation, aging IT infrastructure, the Modernizing Government Technology (MGT) Act, the Datacenter
More informationGOVERNMENT ICT STANDARDS
GOVERNMENT ICT STANDARDS Cloud Computing Standard First Edition 2016 ICTA 2016 All rights reserved CONTENTS ICTA STANDARDS DESCRIPTION 4 DOCUMENT CONTROL 6 FOREWORD 7 INTRODUCTION 8 SCOPE 9 APPLICATION
More informationData Security, Integrity and Accessibility in the Cloud
Data Security, Integrity and Accessibility in the Cloud Shared Responsibility Principles for Financial Services Institutions & Cloud Service Providers Introduction This document presents principles intended
More informationWhat you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered
What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged
More informationManaging SaaS risks for cloud customers
Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost
More informationTopics of Discussion
CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies Lecture on NIST Cloud Computing Definition, Standards & Roadmap, Security & Privacy Guidelines Spring 2013 A Specialty Course for Purdue
More informationIn 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets.
REPORT FOR ACTION IT Infrastructure and IT Asset Management Review: Phase 1: Establishing an Information Technology Roadmap to Guide the Way Forward for Infrastructure and Asset Management Date: January
More informationVirtustream Cloud and Managed Services Solutions for US State & Local Governments and Education
Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS
More informationGovernment IT Modernization and the Adoption of Hybrid Cloud
Government IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Federal and National Governments Are at an Inflection Point Federal and national governments
More informationFuture Shifts in Enterprise Architecture Evolution. IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013
Future Shifts in Enterprise Architecture Evolution IPMA Marlyn Zelkowitz, SAP Industry Business Solutions May 22 nd, 2013 Agenda Terminology & Definitions Evolution to Cloud Cloud Adoption Appendix 2013
More informationPrivacy hacking & Data Theft
Privacy hacking & Data Theft Cloud Computing risks & the Patricia A RoweSeale CIA, CISA, CISSP, CRISC, CRMA The IIA (Barbados Chapter) Internal Audit Portfolio Director CIBC FirstCaribbean Objectives Cloud
More informationCopyright 2011 EMC Corporation. All rights reserved.
1 2 How risky is the Cloud? 3 Is Cloud worth it? YES! 4 Cloud adds the concept of Supply Chain 5 Cloud Computing Definition National Institute of Standards and Technology (NIST Special Publication 800-145
More informationLeveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group
Leveraging the Cloud for Law Enforcement Richard A. Falkenrath, PhD Principal, The Chertoff Group Law Enforcement Information Management Training Conference & Technology Exposition May 21,2013 Outline
More informationCloud Computing and Its Impact on Software Licensing
Cloud Computing and Its Impact on Software Licensing By Gretchen Kwashnik & Jim Cecil January 25, 2012 What is Cloud Computing? Cloud computing is a model for enabling: on-demand network access to a shared
More informationTHE DATA CENTER AS A COMPUTER
THE DATA CENTER AS A COMPUTER Cloud Computing November- 2013 FIB-UPC Master MEI CLOUD COMPUTING It s here to stay CONTENT 1. How do we get here? 2. What is Cloud Computing? 3. Definitons and types 4. Case
More informationINTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE
INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing
More informationIntroduction to Cloud Computing. [thoughtsoncloud.com] 1
Introduction to Cloud Computing [thoughtsoncloud.com] 1 Outline What is Cloud Computing? Characteristics of the Cloud Computing model Evolution of Cloud Computing Cloud Computing Architecture Cloud Services:
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More information2013 AWS Worldwide Public Sector Summit Washington, D.C.
Washington, D.C. How to Buy the Cloud Brett McMillen, Principal Doug VanDyke, General Manager Changing IT Acquisition Strategies Old World IT Price lock Vendor lock-in Rigid CLIN structure CapEx Budget
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationBuilding Trust in the Era of Cloud Computing
Building Trust in the Era of Cloud Computing ICMC 2017 Conference May 17, 2017 v1.0 David Gerendas Group Product Manager TRUST A FIRM belief in the! Reliability! Truth! Ability of someone or something.
More informationSecurity Models for Cloud
Security Models for Cloud Kurtis E. Minder, CISSP December 03, 2011 Introduction Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer
More informationCloud Computing, SaaS and Outsourcing
Cloud Computing, SaaS and Outsourcing Michelle Perez, AGC Privacy, IPG Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies PLI TechLaw Institute 2017: The Digital Agenda Introduction to the Cloud
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationPart III: Evaluating the Business Value of the Hybrid Cloud
Contents at a Glance Introduction... 1 Part I: Understanding Concepts and Construction... 7 Chapter 1: Discovering the Fundamentals of Your Computing Environment...9 Chapter 2: The Hybrid Cloud Continuum...25
More informationClouds in the Forecast. Factors to Consider for In-House vs. Cloud-Based Systems and Services
Clouds in the Forecast Factors to Consider for In-House vs. Cloud-Based Systems and Services Speakers Sam Gabal Sam Gabal is a Sales Executive with Origami Risk, based in Orange County and experienced
More informationMitigating Risks with Cloud Computing Dan Reis
Mitigating Risks with Cloud Computing Dan Reis Director of U.S. Product Marketing Trend Micro Agenda Cloud Adoption Key Characteristics The Cloud Landscape and its Security Challenges The SecureCloud Solution
More informationASD CERTIFICATION REPORT
ASD CERTIFICATION REPORT Amazon Web Services Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), Elastic Block Store (EBS) and Simple Storage Service (S3) Certification Decision ASD certifies Amazon
More informationClick to edit Master title style
Federal Risk and Authorization Management Program Presenter Name: Peter Mell, Initial FedRAMP Program Manager FedRAMP Interagency Effort Started: October 2009 Created under the Federal Cloud Initiative
More informationShaping the Cloud for the Healthcare Industry
Shaping the Cloud for the Healthcare Industry Louis Caschera Chief Information Officer CareTech Solutions www.caretech.com > 877.700.8324 Information technology (IT) is used by healthcare providers as
More informationChoosing a Secure Cloud Service Provider
Choosing a Secure Cloud Service Provider Dr. Ricci IEONG, CISSP, CISA, CISM, CCSK, CCSP, CEH,GPEN, GIAC Advisory Board, ISSAP, ISSMP, F.ISFS Vice President Professional Development Cloud Security Alliance
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationIT Attestation in the Cloud Era
IT Attestation in the Cloud Era The need for increased assurance over outsourced operations/ controls April 2013 Symeon Kalamatianos M.Sc., CISA, CISM Senior Manager, IT Risk Consulting Contents Introduction
More informationCOMPTIA CLO-001 EXAM QUESTIONS & ANSWERS
COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS Number: CLO-001 Passing Score: 800 Time Limit: 120 min File Version: 39.7 http://www.gratisexam.com/ COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS Exam Name: CompTIA
More informationCloud Computing Concepts, Models, and Terminology
Cloud Computing Concepts, Models, and Terminology Chapter 1 Cloud Computing Advantages and Disadvantages https://www.youtube.com/watch?v=ojdnoyiqeju Topics Cloud Service Models Cloud Delivery Models and
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationCLOUD COMPUTING READINESS CHECKLIST
CLOUD COMPUTING READINESS DAVE WILLIS STEPHEN GOLDSMITH SUBJECT MATTER EXPERTS, CLOUD COMPUTING DENOVO DAVE WILLIS STEPHEN GOLDSMITH SUBJECT MATTER EXPERTS, CLOUD COMPUTING DENOVO 1 CONTENTS INTRODUCTION
More informationBuilding a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc.
Building a Secure and Compliant Cloud Infrastructure Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc. Why Are We Here? Expanded Enterprise Data access anywhere, anytime
More informationWhy the cloud matters?
Why the cloud matters? Speed and Business Impact Expertise and Performance Cost Reduction Trend Micro Datacenter & Cloud Security Vision Enable enterprises to use private and public cloud computing with
More informationPractical Guide to Cloud Computing Version 2. Read whitepaper at
Practical Guide to Cloud Computing Version 2 Read whitepaper at www.cloud-council.org/resource-hub Sept, 2015 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! 2011/2012 Deliverables
More informationCloud Computing. January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION
Cloud Computing January 2012 CONTENT COMMUNITY CONVERSATION CONVERSION Purpose and Methodology Survey Sample Field Work December 20, 2011 January 9, 2012 Total Respondents 554 Margin of Error +/- 4.2%
More informationSolutions Technology, Inc. (STI) Corporate Capability Brief
Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationTHE JOURNEY OVERVIEW THREE PHASES TO A SUCCESSFUL MIGRATION ADOPTION ACCENTURE IS 80% IN THE CLOUD
OVERVIEW Accenture is in the process of transforming itself into a digital-first enterprise. Today, Accenture is 80 percent in a public cloud. As the journey continues, Accenture shares its key learnings
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationCapgemini Dynamic Services
Capgemini Dynamic Services Evolution and dynamics of Copyright Capgemini 2015. All Rights Reserved 2 GEN 1 Simple IT GEN 2 Full Outsourcing GEN 3 Tower Sourcing GEN NEXT Micro Sourcing Business IT Interface
More informationMANAGING THE COMPLEXITY.
AS A SERVICE MANAGING THE COMPLEXITY. HOW WILL YOU SIMPLIFY ESN MIGRATION? Control room IT solutions play a vital role in incident management. Technologies such as Integrated Communications Control Systems
More informationCloud Computing Strategy in Sudan
Cloud Computing Strategy in Sudan Yousif Eltahir Sharaf Eldin Ahmed Sudan Academic of Science, Governmental University for Post Graduate Studies, P.O.Box 86, Khartoum Sudan Abstract: Cloud Computing is
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationSecuring the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA
Securing the cloud ISACA Korea Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA What is cloud computing? Source: Wikipedia 2 What is cloud computing A model for enabling:- convenient on-demand network
More informationMigration to Cloud Computing: Roadmap for Success
Migration to Cloud Computing: Roadmap for Success Mohammed Elazab, Professor Emeritus Higher Technological Institute, Tenth of Ramadan, Egypt President, Human and Technology Development Foundation Chairman,
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationPosition Description IT Auditor
Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership
More informationRSA Solution Brief. The RSA Solution for Cloud Security and Compliance
The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationMySQL CLOUD SERVICE. Propel Innovation and Time-to-Market
MySQL CLOUD SERVICE Propel Innovation and Time-to-Market The #1 open source database in Oracle. Looking to drive digital transformation initiatives and deliver new modern applications? Oracle MySQL Service
More informationCloud Services. Introduction
Introduction adi Digital have developed a resilient, secure, flexible, high availability Software as a Service (SaaS) cloud platform. This Platform provides a simple to use, cost effective and convenient
More informationChapter. Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
Chapter 6 Securing the Cloud THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER: 1.3 Explain network design elements and components. Virtualization Cloud computing: Platform as
More informationChapter 4. Fundamental Concepts and Models
Chapter 4. Fundamental Concepts and Models 4.1 Roles and Boundaries 4.2 Cloud Characteristics 4.3 Cloud Delivery Models 4.4 Cloud Deployment Models The upcoming sections cover introductory topic areas
More informationIntroduction to AWS GoldBase
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationContents. Navigating your way to the cloud
Contents Navigating your way to the cloud Moving to the digital economy 4 Four essential steps to a successful cloud adoption and deployment 5 Step 1: Full, informed stakeholder involvement 6 Step 2: Targeted
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationCloud Services. Infrastructure-as-a-Service
Cloud Services Infrastructure-as-a-Service Accelerate your IT and business transformation with our networkcentric, highly secure private and public cloud services - all backed-up by a 99.999% availability
More informationPerfect Balance of Public and Private Cloud
Perfect Balance of Public and Private Cloud Delivered by Fujitsu Introducing A unique and flexible range of services, designed to make moving to the public cloud fast and easier for your business. These
More informationIT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)
DESIGNATION Reporting to Division Office Location IT MANAGER PERMANENT SALARY SCALE: P07 (R806 593.00) Ref:AgriS042/2019 Information Technology Manager CEO Information Technology (IT) Head office JOB PURPOSE
More informationCLOUD COMPUTING-ISSUES AND CHALLENGES
CLOUD COMPUTING-ISSUES AND CHALLENGES Asstt. Prof.Vandana S.D.S.P.Memorial College for Women, Rayya (India) ABSTRACT Cloud computing is a multifaceted technological paradigm that is outgrowth of decades
More informationA guide for IT professionals. implementing the hybrid cloud
A guide for IT professionals implementing the hybrid cloud A guide for IT professionals implementing the hybrid cloud Cloud technology is maturing and advancing rapidly. And for schools today, hybrid cloud
More informationFundamental Concepts and Models
Fundamental Concepts and Models 1 Contents 1. Roles and Boundaries 2. Cloud Delivery Models 3. Cloud Deployment Models 2 1. Roles and Boundaries Could provider The organization that provides the cloud
More informationAuditing the Cloud. Paul Engle CISA, CIA
Auditing the Cloud Paul Engle CISA, CIA About the Speaker Paul Engle CISA, CIA o Fifteen years performing internal audit, IT internal audit, and consulting projects o Internal audit clients include ADP,
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationGET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS.
GET CLOUD EMPOWERED. SEE HOW THE CLOUD CAN TRANSFORM YOUR BUSINESS. Cloud computing is as much a paradigm shift in data center and IT management as it is a culmination of IT s capacity to drive business
More informationDATACENTER AS A SERVICE. We unburden you at the level you desire
DATACENTER AS A SERVICE We unburden you at the level you desire MARKET TREND BY VARIOUS ANALYSTS The concept of flexible and scalable computing is a key reason to create a Cloud based architecture 77%
More informationROLE DESCRIPTION IT SPECIALIST
ROLE DESCRIPTION IT SPECIALIST JOB IDENTIFICATION Job Title: Job Grade: Department: Location Reporting Line (This structure reports to?) Full-time/Part-time/Contract: IT Specialist D1 Finance INSETA Head
More informationINDUSTRY PERSPECTIVE
INDUSTRY PERSPECTIVE 1 A Brief Introduction As IT administrators and chief information officers, you face a particular challenge: facilitate the ability for your agency to work remotely, while reducing
More informationData safety for digital business. Veritas Backup Exec WHITE PAPER. One solution for hybrid, physical, and virtual environments.
WHITE PAPER Data safety for digital business. One solution for hybrid, physical, and virtual environments. It s common knowledge that the cloud plays a critical role in helping organizations accomplish
More informationEnabling Hybrid Cloud Transformation
Enterprise Strategy Group Getting to the bigger truth. White Paper Enabling Hybrid Cloud Transformation By Scott Sinclair, ESG Senior Analyst November 2018 This ESG White Paper was commissioned by Primary
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance Context and Alignment Policy 4.1 4.4 800-26 164.308 12.4 EDM01 IT Governance Policy 5.1 800-30 12.5 EDM02 Leadership Mergers and Acquisitions Policy A.6.1.1 800-33 EDM03 Context Terms and Definitions
More informationEXAM - CL CompTIA Cloud Essentials Exam. Buy Full Product.
CompTIA EXAM - CL0-001 CompTIA Cloud Essentials Exam Buy Full Product http://www.examskey.com/cl0-001.html Examskey CompTIA CL0-001 exam demo product is here for you to test the quality of the product.
More informationGain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services
Solution Overview Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services OPTIMIZE YOUR CLOUD SERVICES TO DRIVE BETTER BUSINESS OUTCOMES Reduce Cloud Business Risks and Costs
More informationFuture of the Data Center
Future of the Data Center Maine Digital Government Summit November 29, 2012 Dan Diltz Vice President, Public Sector 1 Session Description A new data center is the perfect opportunity to start fresh by
More informationIT Enterprise Services. Capita Private Cloud. Cloud potential unleashed
IT Enterprise Services Capita Private Cloud Cloud potential unleashed Cloud computing at its best Cloud is fast becoming an integral part of every IT strategy. It reduces cost and complexity, whilst bringing
More informationCisco CloudCenter Solution Use Case: Application Migration and Management
Cisco CloudCenter Solution Use Case: Application Migration and Management Application migration and management Cloud computing is here to stay. According to recent Gartner research 1, from 2011 to 2014
More informationCloud Computing An IT Paradigm Changer
Cloud Computing An IT Paradigm Changer Mazin Yousif, PhD CTO, Cloud Computing IBM Canada Ltd. Mazin Yousif, PhD T-Systems International 2009 IBM Corporation IT infrastructure reached breaking point App
More informationCloud Computing introduction
Cloud and Datacenter Networking Università degli Studi di Napoli Federico II Dipartimento di Ingegneria Elettrica e delle Tecnologie dell Informazione DIETI Laurea Magistrale in Ingegneria Informatica
More informationAnalytics in the Cloud Mandate or Option?
Analytics in the Cloud Mandate or Option? Rick Lower Sr. Director of Analytics Alliances Teradata 1 The SAS & Teradata Partnership Overview Partnership began in 2007 to improving analytic performance Teradata
More informationSymantec Data Center Transformation
Symantec Data Center Transformation A holistic framework for IT evolution As enterprises become increasingly dependent on information technology, the complexity, cost, and performance of IT environments
More informationDrive digital transformation with an enterprise-grade Managed Private Cloud
Singtel Business Product Factsheet Brochure Managed Private Defense Cloud Services Drive digital transformation with an enterprise-grade Managed Private Cloud Singtel Managed Private Cloud enables enterprises
More informationThe Emerging Role of a CDN in Facilitating Secure Cloud Deployments
White Paper The Emerging Role of a CDN in Facilitating Secure Cloud Deployments Sponsored by: Fastly Robert Ayoub August 2017 IDC OPINION The ongoing adoption of cloud services and the desire for anytime,
More information